Some thoughts about security & support
Reviewed by Anonymous on Mon, 18th July 2005
This software does offer some very nice features and functions. There are two or three things about it, though, that make me wonder whether it is as good as most seem to think:
1. PHP is a scripting language; almost any available PHP script is in plain text so that you can review the code that is executed on your server. This is true even if the application is not licensed as Open Source. TraceWatch is written in a way that obstructs and scrambles the plain text so that no one can say what it is really doing.
That makes me wonder, because TraceWatch does not cost anything. It is still forbidden to reverse-engineer the code so as to check it. Without a testing server specially configured for that purpose, it is impossible (without breaking the license) to tell whether it is seeking contact to its creator or whatever else it might be doing.
One of the problems involved is that TraceWatch requires access to a database, for instance, or could be used as a spam relay or DoS base or whatever ... I am not saying it does any of these things, I am just stating that there is no easy way of finding out if it does.
2. A visit is identified based on the IP of the incoming user. This is rather odd, since it does not yield any useful results. Anyone having more than one computer behind a router, for instance, will be counted as one visitor. That would be true for home users with a LAN and almost any corporate users.
Why not use a session identifier? That way, a user could be identified by his browser, which would render much more useful results.
3. I and some buddies of mine mailed the author of TraceWatch these concerns and thoughts via his website feedback form a few weeks ago. We are still waiting for any reaction ...
So, while I think the application is very nice and could come in quite handy, I will not use it on any site I run. Reasons are that I do have some security concerns and that I do not need information about the IPs that visit my sites but about the people doing so.